# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base
	
  before_filter :authorize, :except => :login
  session :session_key => '_pollster_session_id'	
  
  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  #protect_from_forgery  :secret => '835a99291977db8b398830d3863de28f'
  
  	protected
	def authorize
		unless User.find_by_id(session[:user_id])
		flash[:notice] = "Please log in"
		redirect_to :controller => :main, :action => :login
		end
	end

	protected
	def authorizeAdmin
		unless User.find_by_id(session[:user_id]).access_level >= 3
		flash[:notice] = "Please log in"
		redirect_to :controller => :main, :action => :index
		end
	end
	
	protected
	def authorizeSurveyer
		unless User.find_by_id(session[:user_id]).access_level >= 2
		flash[:notice] = "Please log in"
		redirect_to :controller => :main, :action => :index
		end
	end
	
	protected
	def authorizeSurveyee
		unless User.find_by_id(session[:user_id]).access_level >= 1
		flash[:notice] = "Please log in"
		redirect_to :controller => :main, :action => :index
		end
	end
	
	protected
	def authorizeAuthor
		author_id=Survey.find(params[:id]).user.id
		unless session[:user_id] == author_id
			flash[:notice] = "Please log in"
			redirect_to :controller => :main, :action => :index
		end
	end
	
	protected
	def authorizeEditor
		author_id=Survey.find(params[:id]).user.id
		unless session[:user_id] == author_id
			flash[:notice] = "Please log in"
			redirect_to :controller => :main, :action => :index
		end
	end



end
